Use GetVar(), PostVar(), RequestVar(), and SessionVar(). Never access $_GET, $_POST directly. I've noticed some weird behavior with GetVar(), PostVar(), RequestVar(), and SessionVar(), so be careful when using them. If these functions are not working correctly for you, please send me an email.

Always use <?php ?>. The short tag conflicts with XML. Stick with the standard <?php ?>, as it is guaranteed to be supported in all future versions.

Do not put phpinfo() in your web root.

Keep functions outside of loops.

Use a configuration file for storing application configuration. This file differs across environments (development, testing, production) and therefore should not be in the same repository as the code. The operations team, or the release team, may wish to keep the configuration file for the production environment in a separate repository for history / rolling back the code.

Information for connecting to databases (IP address, username, and password) is a configuration setting.

Turn off error reporting with error_reporting(0), and then turn it on if the configuration indicates that this is a development environment.
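
A bootstrap sketch that combines the configuration-file and error-reporting guidelines above. It is an added example, not code from the original page; the APP_CONFIG environment variable, the default path, and the key names ('environment', 'db', 'host', 'username', 'password') are assumptions.

```php
<?php
// Added example. APP_CONFIG, the default path and the key names are
// assumptions for illustration, not part of the original page.

// Fail closed: hide errors before anything else can go wrong.
error_reporting(0);
ini_set('display_errors', '0');

/** Load a PHP config file that returns an array and check required keys. */
function load_config(string $path): array
{
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException('Configuration file not found or unreadable');
    }
    $config = require $path;
    if (!is_array($config)) {
        throw new RuntimeException('Configuration file must return an array');
    }
    foreach (['environment', 'db'] as $key) {
        if (!array_key_exists($key, $config)) {
            throw new RuntimeException("Missing configuration key: $key");
        }
    }
    // Database connection details are configuration, never literals in code.
    foreach (['host', 'username', 'password'] as $key) {
        if (!isset($config['db'][$key])) {
            throw new RuntimeException("Missing database setting: $key");
        }
    }
    return $config;
}

// The file lives outside the web root and outside the code repository.
$path = getenv('APP_CONFIG') ?: '/etc/myapp/config.php';

try {
    $config = load_config($path);
} catch (RuntimeException $e) {
    error_log($e->getMessage());   // server log only; names keys, never values
    http_response_code(500);
    exit('Service unavailable');
}

// Only an explicit "development" value turns error output back on.
if ($config['environment'] === 'development') {
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
}
```

A missing, malformed, or mistyped configuration leaves error output off, so a production host never shows errors because of a deployment mistake.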